I have created a “Self-Hosted” Application in Zero Trust Access for a website proxied via Cloudflare, and am trying to configure it to allow access for a service token.
I have created a Service Token, and a single “Service Auth” policy with an “Include” rule for the service token:
However, attempting to access the website using the service token ID and secret, e.g. with curl, results in a 403 response:
curl -v https://xxxxxxxxxx/ -H 'CF-Access-Client-Id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.access' -H 'CF-Access-Client-Secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Should this work? If so, what am I doing wrong?